package cn.tedu._11security.base.config;
/**
 * Spring Security配置类
 * EnableGlobalMethodSecurity注解：激活鉴权功能
 */

import cn.tedu._11security.security.UserDetailsServiceImpl;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.SecurityFilterChain;

@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
public class SecurityConfig {
    /**
     * 创建过滤器链
     * SecurityFilterChain :Security核心接口，提供一组安全过滤器，用来匹配请求规则并执行过滤

     */

    @Bean
    public UserDetailsServiceImpl userDetailsService(){
        return new UserDetailsServiceImpl();
    }




    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http ) throws Exception {
         http.authorizeHttpRequests(authorize-> authorize.
                 //对于公告的API允许访问
                 requestMatchers("/api/public/**").permitAll()
                 //其他的请求需要认证
                 .anyRequest().authenticated())
                 .formLogin(form->form
                         //登录相关的请求允许访问，不需要认证
                         .permitAll());
         //返回的对象放到IOC容器中，作为IOC容器中的Bean对象；
         return http.build();
    }










}
